"PARANOIDSERVERSECURITY" : ("paranoid server security", SambaParmBool, P_GLOBAL, "Yes"),
"WTMPDIRECTORY" : ("wtmp directory", SambaParmString, P_GLOBAL, ""),
"ADDPRINTERCOMMAND" : ("addprinter command", SambaParmString, P_GLOBAL, ""),
- "PRINTERADMIN" : ("printer admin", SambaParmString, P_LOCAL, ""),
"WINSSERVER" : ("wins server", SambaParmString, P_GLOBAL, ""),
"LDAPTIMEOUT" : ("ldap timeout", SambaParmString, P_GLOBAL, "15"),
"LOCKDIRECTORY" : ("lock directory", SambaParmString, P_GLOBAL, "/var/lib/samba"),
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) &&
- !token_contains_name_in_list(
- uidtoname(p->session_info->unix_token->uid),
- p->session_info->info->domain_name,
- NULL,
- p->session_info->security_token,
- lp_printer_admin(snum))) {
+ !nt_token_check_sid(&global_sid_Builtin_Print_Operators,
+ p->session_info->security_token)) {
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
DEBUG(3,("access DENIED as user is not root, "
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (p->session_info->unix_token->uid != sec_initial_uid())
- && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
- && !token_contains_name_in_list(
- uidtoname(p->session_info->unix_token->uid),
- p->session_info->info->domain_name,
- NULL,
- p->session_info->security_token,
- lp_printer_admin(-1)) )
- {
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
+ !security_token_has_privilege(p->session_info->security_token,
+ SEC_PRIV_PRINT_OPERATOR)) {
return WERR_ACCESS_DENIED;
}
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (p->session_info->unix_token->uid != sec_initial_uid())
- && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
- && !token_contains_name_in_list(
- uidtoname(p->session_info->unix_token->uid),
- p->session_info->info->domain_name,
- NULL,
- p->session_info->security_token, lp_printer_admin(-1)) )
- {
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
+ !security_token_has_privilege(p->session_info->security_token,
+ SEC_PRIV_PRINT_OPERATOR)) {
return WERR_ACCESS_DENIED;
}
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
- p->session_info->info->domain_name,
- NULL,
- p->session_info->security_token,
- lp_printer_admin(snum))) {
+ !security_token_has_privilege(p->session_info->security_token,
+ SEC_PRIV_PRINT_OPERATOR)) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
}
}
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
- p->session_info->info->domain_name,
- NULL,
- p->session_info->security_token,
- lp_printer_admin(snum))) {
+ !security_token_has_privilege(p->session_info->security_token,
+ SEC_PRIV_PRINT_OPERATOR)) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
}
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
- p->session_info->info->domain_name,
- NULL,
- p->session_info->security_token,
- lp_printer_admin(snum))) {
+ !security_token_has_privilege(p->session_info->security_token,
+ SEC_PRIV_PRINT_OPERATOR)) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
}